D3.1: Overview on IMS

The document is directed at an audience of academics, EU policy-makers, experts from technological, social science and legal disciplines and interested citizens.

It will give an overview of existing identity management systems (IMS). Different types, classes and subclasses of IMS are identified, described and illustrated by examples of existing IMS. To give an overview of the variety of existing technical implementations, different designs of IMS are presented. Privacy enhancing mechanisms are developed and selected corresponding privacy enhancing technologies (PET) are shown as examples of existing implementations of those mechanisms. Finally, an overview is presented of current research and development activities on IMS and conclusions, especially from the FIDIS Network of Excellence.

D3.2: A study on PKI and biometrics

Public-Key Infrastructures (PKIs) have been a hot topic for several years now, and many - often very practical - questions are still open. These certainly include corruption of keys or algorithms, usability, awareness of users and security issues. With respect to high-tech IDs, advanced PKI, e.g. supporting convertible credentials, could be developed. Until now, official PKI in member states, working according to the Digital Signature Act and national signature law, rarely work with pseudonymous keys and certificates. To improve the diffusion of electronic signatures into European markets six concrete measures are suggested. Both technologists and lawyers have experience in research on biometrics in the form of technology assessment and conceptualisation. However, for many kinds of biometrics it is still unclear how much security and privacy can be achieved. As the biometric market evolves in response to technology enhancement and political pressure, it is imperative that research on this topic is up to date, especially with respect to avoidance of discrimination and to privacy compliance. This document forms a comprehensive study on PKIs and biometrics, specifically from the legal and technological point of view, with focus put on the possibility of privacy-enhancing implementations.

D3.3: Study on Mobile Identity Management

This study gives a technical survey on mobile identity management. It identifies requirements for mobile identity management systems in particular on security and privacy of mobile users with mobile devices, e.g. smart phones or smart cards. A non-technical reader should understand the need and requirements for mobile identity management systems. Approaches for realising these requirements are described. The study gives answers to the following questions.

What are the requirements for mobile identity management systems, in particular on user’s mobility and privacy?

Which approaches for realising mobile identity management systems do exist?

What are the open issues and further steps towards mobile identity management?

D3.6: Study on ID Documents

This document gives an overview of concepts, prototypes and implementations of European ID documents including machine readable travel documents (MRTDs). Although not totally comprehensive, it summarises basic technologies that are used for ID documents such as PKI, RFID, biometrics and chip card technologies. Legal grounds for European MRTDs are described and analysed. In addition to a short overview on implementations, five good practice examples are described and discussed. Security and privacy aspects of ID documents are analysed based on the current state of the art in the described basic technologies and existing implementations of ID documents. Further, critical elements of cost projections for ID documents are presented and analysed from a social perspective.

D3.7: A Structured Collection on Information and Literature on Technological and Usability Aspects of Radio Frequency Identification (RFID)

In this deliverable the physical properties of RFID, types of RFID systems based on the physical properties and operational aspects of RFID systems are introduced and described. An overview on currently known security threats for RFID systems, countermeasures and related cost aspects is given. This is followed by a brief overview on current areas of application for RFID. To shed light on the status quo and trends of development in the private sector in the context of RFID, the results of a study carried out in 2004 and 2005 in Germany are summarised. This is followed by an overview on relevant standards in the context of RFID. This deliverable also includes a bibliography containing relevant literature in the context of RFID. This is published in the bibliographic system at www.fidis.net/interactive/rfid-bibliography/

D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication

This deliverable investigates identity-related properties of commonly used protocols and interesting proposed approaches for new protocols. This includes categorising and showing dependencies between network protocols and the outline of privacy properties, based on personal data disclosed, linkability and identifiability. Further, it critically discusses whether privacy experts are – and should be – involved in the process of designing protocols. Protocols for communication in networks are analysed according to privacy-relevant data and techniques for privacy-aware communication and their associated protocols are explained. Finally in this document, new developments for Next Generation Internet protocols are described.

This deliverable assumes some prior knowledge, but references and further reading are there to help the reader.

D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management

Trusted Computing (TC) is a key enabling technology adding substantially new security features, making many new use cases possible, which may revolutionize identity management. However, this emerging technology is not undisputed and raises many societal questions related to privacy, rights on ownership etc. This study takes a deeper look into TC concepts like TPMs, Trustworthy Operating Systems etc., and discusses possible use and business cases for TC in the context of identity and identification, pointing out possible risks of this technology in terms of privacy and consumer protection.

The objective of this study is to give an overview of Trusted Computing concepts and its supporting technologies, and to introduce new ideas on how those concepts can support or influence digital identification and identity management systems, including possible privacy and anonymity implications of Trusted Computing specifications defined by the Trusted Computing Group.

This deliverable differs substantially from 33 of ALU-FR, as it addresses mainly the use of TC mechanisms on the client side and focuses on the technology description and its impact on IMS.

D3.10: Biometrics in identity management

This deliverable discusses the deployment of biometrics for the management of identity in the public and private sector from a technical, legal, security and forensic point of view. It highlights some specific security and privacy aspects, including those from new demonstrations of user/capture and capture/extraction threats, but also stresses the advantages which biometrics offer. The research indicates that a fruitful debate about the risks and opportunities of biometrics requires the use of an agreed harmonised vocabulary and that discussion should focus on where the control over the biometric system is exercised and on the functionalities and purposes of the applications. The report proposes, in this context, five groups of biometric application models for future use. Although biometric references are increasingly becoming part of various identity applications, there remain several research items which are not yet fully explored as illustrated and described, such as the question of health related information contained in biometric templates and the proportionality of the use of biometric data. The report also warns against biometric data becoming a primary key for the interoperability of systems. Finally, the document offers guidance in the deployment of biometrics, including by describing an approach on how to preserve privacy and to enhance security by the data subject retaining control over the biometric data.

D3.11: Report on the Maintenance of the IMS Database

This document is a report summarising the maintenance work carried out for the database on Identity Management Systems (IMS database) in the context of D8.6 and D3.11. This report covers the third FIDIS period (April 2006 to March 2007).

D3.12: Federated Identity Management – what’s in it for the citizen/customer?

This deliverable ventures into the federated identity management (FIM) landscape from the perspective of the individual end user. It provides an overview of features and requirements for FIMs and analyses four FIM frameworks (Liberty Alliance, Shibboleth, PRIME, and Microsoft Cardspace) on the basis of these user-inspired requirements.

D3.13: Study on Usability of IMS

Usability is an important factor influencing the acceptance of technology-related products and subsequently the decision process to use or buy them. For this reason usability has been of interest in market research for many years. However, in the context of user-controlled Identity Management Systems (IMS) hardly any comparative usability studies have been published. This document gives an overview of established evaluation methods and criteria for usability and analyses which methods and criteria are suited for user-controlled IMS. The selected methods and criteria are applied to twelve IMS in six functional classes. These classes include user-controlled identifier management, policy management, form filling, context monitoring and history management. Nine of these IMS are further analysed in depth and the results of the tests are published in this report.

Biometric systems vary widely in their set-up, architecture and purpose (security, convenience, forensic etc.). The objective of this deliverable is a proof of concept for a trusted authentication system that uses biometrics in a divided control scheme. In this scheme the biometric data is encapsulated in a personal token controlled by the user, but the implementation of the biometric processing in the tamper-resistant token is controlled by the operator. The proof of concept is achieved through a practical application of a distributed biometric authentication and transaction verification system in a field test setup to demonstrate the usability of the theoretical framework elaborated in D3.10. The field test is based on a small but still representative sample of users from different European countries. The test participants are authenticated through their biometrics without any disclosure of biometric data to an operator (application of the proportionality principle). The theoretical basis for this demonstrator system is the divided control model using encapsulated biometric data and processing that has been described in D3.10. This implementation was recommended as the preferred model for privacy-enhancing biometric applications. It relies on functional requirements in terms of conformity with the existing legal privacy framework and recommendations for biometric systems in the EU and in Switzerland.

D3.15: Report on the Maintenance of the IMS Database

This document is a report summarising the maintenance work carried out for the database on Identity Management Systems (IMS database) in the context of D3.15. This report covers the third FIDIS period (April 2007 to March 2008).

D3.15a: Report on the Maintenance of the IMS Database

This document is a report summarising the maintenance work carried out for the database on Identity Management Systems (IMS database) in the context of D3.15. This report covers the fifth FIDIS period (April 2007 to March 2009).

D3.16: Biometrics: PET or PIT?

Biometrics plays a vital role in identity management. Biometric data are, however, sensitive and vulnerable, and there is a need to develop biometric applications as a privacy-enhancing technology (PET) rather than a privacy-invasive technology (PIT). Building on earlier FIDIS research, this report studies technical, organizational, and policy decisions in the development of biometrics applications that influence their becoming PETs or PITs. These decisions balance the interests of individuals to have control over their personal data against commercial, societal, and political interests, security, convenience, and efficiency. This report identifies criteria for determining the ‘PET’ content of technologies and looks at several case studies of decision-making processes in biometrics: biometric pseudonyms and iris recognition, Privacy Impact Assessments, voice recognition, the German ePass, and the Dutch central database of passport biometrics. These case studies suggest a possible gap between expectations and assessments based on technical knowledge and between economic and political expectations of and requirements for biometric applications. Based on this finding, recommendations are given to enhance awareness of privacy-enhancing technologies and to apply value-sensitive design in the development of biometric applications.

D3.17: Identity Management Systems – recent developments

This document describes and analyses developments and trends on the market for IMS in the recent years including current standardisation efforts. Use cases describe such new types of IMS. Trends in the development of new IMS gave an initiative to revise the typology for IMS developed within FIDIS.

D3.18: Demonstration of a new approach for preserving identity and privacy in mobile transactions using Id-token with Trusted Computing

This deliverable considers a possible approach to give the ability for a user to verify that the computing devices she is using are trustworthy (i.e., in a reliable and secure configuration, free of malware, spyware, etc.) in order to preserve her digital identity in mobile transactions on different computing devices. Through this deliverable, Sirrix and Axsionics give a demonstration of a joint solution for this problem. On a high level, our idea is to allow a user to verify the trustworthiness of a platform using an Axsionics personal identity management assistant (Internet Passport, a credit card sized id-token that manages cryptographic keys and identities). Therefore, she will hold her Id-token to the screen of the PC to be verified. The Id-token then – using its unique optical interface – verifies the trustworthiness of the PC. For this purpose, so-called attestation protocols are conceived and prototyped. Those are carried out between the user’s PC and a verification server. This is achieved by means of trusted computing technologies integrated in the user’s PC.

D12.1: Integrated Workshop on Emerging AmI Technologies

The FIDIS WP12 workshop on Emerging AmI Technologies was held at the University of Reading, UK on the 26-27 October 2006. This workshop was designed to be the kick-off event for two subsequent deliverables: D12.2 "Study on Emerging AmI Technologies" & D12.3 "Holistic Privacy Framework for RFID Applications". As such, the core content of these deliverables was developed through a range of participant presentations and subsequent discussion and co-ordination of the contributions of the partners was conducted. This document is a brief record of the event.

D12.2: Study on Emerging AmI Technologies

The technical issues relating to the actual implementation and thus realisation of Ambient Intelligence (AmI) environments are immense, and in most cases tangible solutions to technical related problems are still yet to be found. Meanwhile, ‘Emerging Technologies’ has become a term which considers the convergence of areas such as nanotechnology, biotechnology, information technology, cognitive science, robotics, and artificial intelligence. Here we discuss how technologies which stem from this idea of domain fusion can be considered appropriate in the fabric of an AmI environment, meaning that AmI may actually be an application area made possible through this new emerging technology phenomenon. Further, we assess some of the emerging technologies on the basis of the European Charter of Fundamental Rights and Freedoms and apply an ‘infoethic’ approach (the application of ethical principles to the development and use of information and communication technologies) to raise questions regarding the role of fundamental rights for emerging technologies. Additionally, we offer a forum for an initial inter-disciplinary debate based on the complex issue of technology evolution in its wider socio-cultural context through the use of an initial anthropological statement, and subsequent domain-orientated replies. In essence, this deliverable is less about firm answers to specific questions, and instead aims to inform the reader on how emerging technologies may find application in AmI, and to stimulate further discussion on both the specific and broader issues that such development entails.

D12.3: A Holistic Privacy Framework for RFID Applications

The objective of this deliverable is to discuss whether it is possible to create a holistic privacy framework for Radio Frequency Identification (RFID) systems given current advances in the area and if so what would such a framework look like. The deliverable gives an overview of privacy problems in relation to RFID from legal, ethical, social and technical standpoints and discusses and presents some of the efforts made to address these problems. Based on this, a checklist for evaluating the privacy friendliness of an RFID system is presented as a first tentative approach towards a framework. The overall conclusion is that much more research effort and technological development needs to be done before a true holistic framework can be constructed.

D12.4: Integrated Workshop on Emerging AmI

The second FIDIS WP12 integrated workshop on Emerging AmI Technologies was held at the Interdisciplinary Centre for Law and ICT (ICRI), Katholieke Universiteit Leuven, Belgium. The workshop was designed to be the review event for first contributions to two ongoing deliverables: D12.5 “Use cases and scenarios of emerging technologies” & D12.6 “Study on ICT implants”. As such, the core content of these deliverables was developed through a range of participant presentations and subsequent discussion. Additionally, co-ordination of further contributions was conducted, and schedules revised. This document is a brief record of the event.

D12.5: Use cases and scenarios of emerging technologies

Here we present a ‘gateway document’, which aims to distil some of the more complex concepts addressed by the FIDIS consortium into an easily digestible form which, while reaching a wider community, links through to more scholarly FIDIS deliverables. This is achieved through a range of hypothetical scenarios which illustrate how emerging technologies may impact our lives in the future, within the context of identity. Emerging technologies is an area which pervades all of the work packages into which the work of FIDIS is separated and clustered, and so, by drawing specific authors from across these divisions, this document gives a good insight into the ongoing endeavours of the network. By developing and presenting this work in narrative form this deliverable aims to distance itself from the theoretical workings of emerging technologies and instead looks to the potential applications they may find, and the pros and cons therein. This is done through the use of short scenarios to highlight aspects, particularly relating to security and privacy, and the social and legal implications.

D12.6: A Study on ICT Implants

The increasing commercialisation and growing potential of human ICT implants has generated debate over the ethical, legal and social aspects of the technology, its products and application. Despite stakeholders calling for greater policy and legal certainty within this area, gaps have already begun to emerge between the commercial reality of human ICT implants and the current legal frameworks designed to regulate these products. This study will detail and discuss the security and privacy implications of human ICT implants that are used both in a medical context and for authentication and identification purposes, that can hold or transmit personal data, and which could ultimately be used for human enhancement. Here, we will not only focus on the latest technological developments, but also the legal, social and ethical implications of the use and further application of these technologies.

D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?

In the United States, identity theft is portrayed as a big problem, although the actual size of the problem is contested. Following the US situation, public attention for identity theft in Europe is rising, but its prevalence is unknown. This report provides a first indication of the prevalence of identity theft in Europe, on which subsequent studies can build. For Belgium, France, Germany, and the United Kingdom, as well as the US, it sketches – as far as data are available – the prevalence of identity-related crime, vulnerabilities in financial and identification infrastructures, and legal, technical, and organizational countermeasures. It provides recommendations for policy makers not to focus only on generally accepted definitions or collecting prevalence data, but to conduct in-depth studies of the strengths and weaknesses of European financial and identification infrastructures in the information society.

D12.10: Normality Mining: Results from a Tracking Study

Within FIDIS, WP3 and WP12 have dealt with RFID, WP11 has investigated mobility and identity while WP6 has examined biometrics and WP7 profiling. The aim of this report is to bring these disparate threads together into a tangible study which will demonstrate privacy issues surrounding products and services which are likely to start emerging on to the consumer market. New generations of mobile handsets, with integrated devices like GPS and internet capabilities, are becoming less like traditional phones. In fact we should stop viewing them as simply mobile phones - they are now more like mobile computers which can make phone calls. These advances in mobile technologies will inevitably lead to new services which we can enjoy anywhere, anytime. Location Based Services which utilise the phone’s GPS to tell us for example where we are, or where the nearest cinema is, are an obvious first step – but what happens if the phone monitors where we go at all times? Can these new services build a picture of who we are based on where we have been? Can they use this profile of us to understand what we like and tailor their results specifically to us? And if so, at what cost to our privacy? In this report, aimed at the potential consumers of such services, we will look at results from a recent tracking study which examines these issues.

D16.2b: Conference on E-Voting and Identity

The deliverable highlights the topics, presentations and results as well as the organizational aspects of the First Conference on E-Voting and Identity (VOTE-ID 2007) that was held on October 4 - 5, 2007 in Bochum, Germany. The workshop was an international research meeting point for e-voting experts from different disciplines who gave presentations about the different aspects of e-voting and identity. The workshop ended with a panel discussion for reflection over previous sessions, and projections towards further research and development in the e-voting field. The revised selected papers of the workshop were published under the Lecture Notes in Computer Science (LNCS 4896) of Springer as “E-Voting and Identity”. The second conference VOTE-ID is hosted by the University Luxembourg.